A network service provider allocates an Internet Protocol (IP) address for connections between a particular subscriber of a network service, associated with a user device (e.g., a computer, a mobile phone device, etc.), and web service(s). An increase in the number of network (e.g., Internet) users is causing a rapid depletion of available unallocated IP addresses (e.g., IP Version 4 (IPv4) address exhaustion, IP Version 6 (IPv6) address exhaustion).
To counter depletion of IP addresses, network service providers use network address translation (NAT) to share a public IP address among a number of different subscribers. Government regulations require network providers to store binding history between IP addresses, ports, and user devices to assist law enforcement agencies with Internet-related investigations. The binding information may become very large and costly for a network service provider to store.
In order to minimize the amount of binding information that needs to be stored, network service providers allocate a contiguous port range to a subscriber instead of allocating an individual port for each session associated with the subscriber. Allocating contiguous port ranges instead of individual ports per session allows the network service provider to store information only for the ranges. However, allocating a static port range to a particular subscriber substantially increases the particular subscriber's susceptibility to security attacks because the static port range makes it easier for an attacker to guess (e.g., pinpoint) one of the particular ports, in the static range, that is being used by the subscriber.
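The trade-off described above can be modeled as follows. This is an added example, not code from the original document. It shows one log record per port block answering the reverse lookup (public IP, port, time) and the smaller guess space a static block leaves. The class and function names, the pool limits, the 512-port block size and the documentation address 203.0.113.10 are all assumptions.

```python
from dataclasses import dataclass

PORT_MIN, PORT_MAX = 1024, 65535   # assumed usable port pool on one public IP
BLOCK_SIZE = 512                   # assumed number of ports per subscriber block

@dataclass(frozen=True)
class BlockRecord:
    public_ip: str
    first_port: int
    last_port: int
    subscriber: str
    start: int   # lease start, epoch seconds
    end: int     # lease end, epoch seconds (exclusive)

class BlockAllocator:
    """Gives each subscriber one contiguous block; logs one record per lease."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = PORT_MIN
        self.log = []

    def allocate(self, subscriber, start, end):
        first, last = self.next_port, self.next_port + BLOCK_SIZE - 1
        if last > PORT_MAX:
            raise RuntimeError("port pool exhausted on " + self.public_ip)
        self.next_port = last + 1
        rec = BlockRecord(self.public_ip, first, last, subscriber, start, end)
        self.log.append(rec)
        return rec

    def lookup(self, public_ip, port, when):
        """Map (public IP, port, time) back to a subscriber from block records."""
        for rec in self.log:
            if (rec.public_ip == public_ip
                    and rec.first_port <= port <= rec.last_port
                    and rec.start <= when < rec.end):
                return rec.subscriber
        return None

def records_needed(sessions_per_subscriber, subscribers):
    """Log records for one lease period: (per-session, per-block)."""
    return sessions_per_subscriber * subscribers, subscribers

def guess_space(block_known):
    """Candidate source ports for one subscriber when its static block is known."""
    return BLOCK_SIZE if block_known else PORT_MAX - PORT_MIN + 1
```

With these assumed values, a known static block cuts the candidate source ports from 64512 to 512, while the log shrinks from one record per session to one per lease.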